Rule: Backup Recovery Points Should Not Expire Before Retention Period
This rule ensures that backup recovery points are retained for the required duration to meet data retention policies.
| Rule | Backup recovery points should not expire before retention period |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Low |
Rule Description: Backup Recovery Points Expiry Should Not Occur Before Retention Period for CISA Cyber Essentials
This rule ensures that the backup recovery points for CISA Cyber Essentials compliant systems do not expire before the defined retention period. It helps maintain the integrity and availability of critical data by ensuring that the backups are retained for a specified period to facilitate effective recovery.
Troubleshooting Steps:
- 1.Check the configuration settings of the backup software or system used for CISA Cyber Essentials compliance.
- 2.Review the defined retention period for backup recovery points.
- 3.Verify the expiry date of the recovery points against the retention period.
- 4.Check the backup software logs for any reported issues or errors related to recovery point expiration.
Necessary Codes:
If using a backup software system that allows scripting or automation, the following code can be used to check and enforce the retention period:
Example using PowerShell:
$RetentionPeriod = 30 # Define the retention period in days
$RecoveryPoints = Get-BackupRecoveryPoints # Replace with appropriate cmdlet to retrieve recovery points
foreach ($RecoveryPoint in $RecoveryPoints) {
$ExpiryDate = $RecoveryPoint.ExpiryDate
$RetentionEndDate = (Get-Date).AddDays(-$RetentionPeriod)
if ($ExpiryDate -lt $RetentionEndDate) {
Remove-BackupRecoveryPoint -Id $RecoveryPoint.Id # Replace with appropriate cmdlet to remove recovery point
}
}
Step-by-Step Guide for Remediation:
Follow these steps to ensure that backup recovery points do not expire before the defined retention period:
- 1.Identify the backup software or system used for CISA Cyber Essentials compliance.
- 2.Access the configuration settings or administrative console for the backup software.
- 3.Locate the section or option related to backup retention or recovery point expiration.
- 4.Review the currently defined retention period for the recovery points.
- 5.Confirm that the retention period aligns with the required duration specified by CISA Cyber Essentials.
- 6.If the retention period is set correctly, no further action is required. Otherwise, proceed to the next step.
- 7.Adjust the retention period to match the requirements specified by CISA Cyber Essentials.
- 8.Save the changes and ensure that they are applied to all relevant backup jobs or policies.
- 9.Monitor the backup software or system to verify that the recovery points are retained for the defined period and do not expire prematurely.
- 10.If any recovery points are found to expire before the retention period, consider reviewing the backup software logs for any reported issues or errors.
- 11.If troubleshooting steps are executed, follow the appropriate actions to resolve the reported issues and ensure proper backup retention.
- 12.Regularly review and validate the backup recovery points to ensure compliance with the defined retention period.
Note: The provided example code is based on PowerShell and may require modification to fit the specific backup software being used. Refer to the software's documentation for the appropriate cmdlets or APIs to manage backup recovery points.